perfSONAR User Q&A and Other Discussion

[Kate Adams <>]

Mark,

The short version are excellent recipe/install notes!  Can you add the file that users are supposed to edit to your very thorough documentation?  That was the part that wasn't clear, where to add the rules.

Kate

On Wed, Aug 8, 2018 at 3:51 PM, Mark Feit <> wrote:

Kate Adams writes:

If you consider the host is genuinely hostile, the better thing to do is use the pScheduler limit system to forbid testing.  If you’re using something close to the stock limit file that ships with perfSONAR, there’s a “hackers” identifier that its IP(s) could be added to that would bring it to a stop.

 

I don't know how to do any of this, and the documentation isn't clear.  How does one go about limiting tests from pscheduler?

 

Short version:

 

• On the system(s) where you want to impose the restriction, edit the file /etc/pscheduler/limits.conf.
• In the first section of the file (“Identifiers”), there’s an item called “hackers.”  Inside that is an array with an IP address in it.  The one that’s in there is an example (and one that should never request and can be replaced with something else.  Add a quoted, comma-separated list of single IPv4 or IPv6 addresses (e.g.,1.2.3.4 or dead:beef:1234) or CIDR blocks (e.g., 1.2.3.0/24 or dead:beef/32) and any requests for tests involving that host will be denied.
• Write the file out and exit the editor.
• As root, run the command “pscheduler validate-limits” to make sure what you wrote didn’t contain any errors.
• The system will begin enforcing the new limits within 15 seconds of a valid file being written.

 

 

The full documentation on the limit system is here:  https://docs.perfsonar.net/config_pscheduler_limits.html   It’s more reference than tutorial; at some point in the future one of us will be conducting a webinar on how all of this works.

 

--Mark

 

--

Kate Adams ()

Cyberinfrastructure Technologist

Great Plains Network